How Paytm fraud happens? Strategy of Fraudster?

How Paytm fraud happens? Strategy / Modus Operandi of Fraudster?

On 21st of Nov, 2019 in the morning one lady tried to use Paytm three times but it didn't work all the times she tried. Then she opted Google pay for the transaction. On the same day, in the afternoon she got a message that her KYC is not completed and she can contact Mr. XYZ for that. She heard that Paytm KYC issue is creating problem to the UBER drivers. She thought that her Paytm was not working because of incomplete KYC. In the evening, she got a call that her KYC is not completed and the fraudster convinced that her KYC is completed about 60%. She on phone enquired about her part to do. The fraudster informed that she can complete her KYC on her own and he will guide her through the process. He informed her to download one app namely "TeamViewer QuickSupport" available on Google Play Store. When she downloaded the app she was asked to allow for permissions to run the app on her phone.

➢ Victim installed the app on her phone from Google Play Store 👇

➢ The fraudster asked for TeamViewer QuickSupport ID to get control over victims phone 👇

➢ In the following example seen that the victim’s phone is now under control of the fraudster. As we can see the screen of the victim's phone along with a Pointing Hand as a mouse on fraudsters phone👇

Soon after getting full control over the victim's phone fraudster said he wanted to increase her paytm credit limit. And for that she does not need to tell the fraudster any details but she needs to enter the details on her own. At first, she denied to increase any credit limit but the fraudster convinced that there should be some limit that she wanted to have. She got convinced finally to enter the details because she did not have to tell the fraudster any details. But she was not aware that the details she entered could actually be seen by the fraudster. Soon after entering the details by her one transaction occurred for ₹ 1. She did not suspect because for authentication Google and other apps use such transaction of ₹ 1 and reverted to the account very soon. The second transaction was about ₹ 14,999. When she asked the fraudster about those transactions she was told that her Paytm limit was increasing. Third transaction was about ₹ 9,999. When such transactions was happening got a call from HDFC and she informed the bank that those transactions were not done by her. In spite of her information to the bank 3 more transactions happened and her account got empty. The fraudster could have access to her another account and started transaction. Finally when the ‘TeamViewer QuickSupport’ app was uninstalled from her phone no further transaction could be done from her account.

Therefore, it is important to know the functioning and purpose of any application before installing on our phones. Here, in this case the victim installed the app from Google Play Store the only trusted source to get any application on Android phones but the victim is not aware of the usability of the app. The ‘TeamViewer QuickSupport’ application is designed to troubleshoot issues remotely by experts or when we want others to operate on our computers and phones remotely. It is seen that, Cyber Criminals / fraudsters are not doing anything out of the box but they have good knowledge of digital platforms so they know how to exploit features of particular application for their own benefit. Hence, awareness is important for all of us.

Courtesy:  Assam Police Cyberdome, Guwahati

Please follow the links:

https://cybercrime.gov.in

https://mha.gov.in/division_of_mha/cyber-and-information-security-cis-division/Details-about-Indian-Cybercrime-Coordination-Centre-I4C-Scheme

Why awareness is important in Cyber related crimes ?

Awareness on uses of Computer, Internet and Cyberspace

In India after launching off Reliance Jio, mobile phone users increased and internet penetration rate also increased with low data rates. But, most of the users are not proficient enough in computer technology. Although, most of the users are using internet to watch videos on YouTube, using social media platforms and financial transactions as well. Since, users are not literate enough in computing some easily get deceived, some are committing crimes knowingly or unknowingly, some are not aware that particular act done by him or her come under a crime. Thereby, awareness and computer

literacy is the need of the hour. If we look at our youth some are using social platforms like YouTube to learn something using audio-visual medium. Since, in the last few years YouTube become so popular that everyone coming up with their own channel with some poor content as a source of income. As a result, when we search for a particular topic channels with maximum subscribers prioritised first irrespective of quality content. So, when we make a search for some content until and unless we look for two or three videos of a particular topic we cannot come up with a fruitful result out of that. It is good that these platforms paved the way for our youth to be a source of income. But in the same way some YouTube channels are used for propagating and advocating particular ideology and spreading hatred. Now a days, it is very common to upload videos for publicity stunt and get

viral. In the line of YouTube, WhatsApp messenger is also used to spread short video clips to spread fake information to create propaganda. When we talk about Facebook and Twitter few years back people having some basic idea of computer and internet used to have accounts. But, now it is seen that people start learning computer and internet using social media platforms, messaging apps and using various application in their mobile phones. It is true that people are learning and getting matured day by day having some good or bad experiences.

It is very important to mention here that other than youth our children are to be protected first. It is seen that, we give mobile phones to our children for playing games. But, we must be careful because some games are especially designed for luring and online grooming of our children for committing some illegal act. Since, some of the crimes are not instant but in reality it the result of a long term process. If we personally look into some games it has messaging facility side by side. Through which criminals may engage our children and may persuade to accomplish tasks on their behalf. Therefore, parents must look into the online activities of children. 

From Indian perspective since users of internet are not matured enough but using internet for buying

goods online from shopping sites like Amazon, Flipkart etc and paying money digitally using banking cards and net banking. It is commonly seen some users get easily deceit by Vishing (Voice Phishing) and Phishing etc. Some criminals put skimmer devices on ATM machines. These are very common tricks of cyber criminals for identity theft. Again, now a days it is seen when we look for helpline number for certain services on Google search the fake helpline numbers comes first. Generally, it is seen for voice phishing criminals use VoIP (Voice Over Internet Protocol) call services. If we look for VoIP call services on internet innumerable sites and Android apps found on Play-store which use some virtual number to make calls to the victim. Therefore, it is a good practice not to receive any phone call with unknown numbers. 

As we all know, due to the advancement in technology we are directly or indirectly become a part of cyberspace. For example, individually we may not use internet and may be abstain from using smart phone etc but our datas like Banking details, details of Voter ID, PAN card etc all are stored somewhere in servers or cyberspace that we cannot ignore. Hence, everyone can be a victim of at least data theft. Generally, people having idea of internet and cyberspace use to store their photos, documents etc either on Google drive or Microsoft OneDrive etc. It is seen that major companies like Google, Microsoft etc are providing minimum of 10 GB space to each individual for free along with Email service. We are using it too since these companies are not treated like companies anymore. There are so many search engines but when we want to look for something we use Google only without second thought. And we are trusting these companies blindly. For instance, reputed companies like Facebook had to pay for a huge fine recently due to the leakage of user data. So, we cannot say that our data stored on these servers are safe. Hence, it is a good practice to use Two-Factor Authentication (2FA) before accessing such data stored on the cloud to make it more secure. Since, we are accustomed to use those services for ease of access but must be careful before storing crucial information. 

It is seen that we are part of cyberspace and cyber crimes are increasing day by day. Sometimes we cannot identify that certain acts come under cyber crime. Hence, some goes unreported. In some cases, it is become so serious that victim do not want to file a complaint since his or her credential may be misused. Sometimes, our children get groomed online by criminals to perform certain act for fun. Later on such contents are used for cyber bullying to commit some other crimes. Hence, it is our joint responsibility to learn and educate others.

In this regard, Government of India has taken a great imitative by introducing National Cyber Crime Reporting portal through the website of Ministry of Home Affairs specially for cyber crimes against children and women.

Please follow the links:

https://cybercrime.gov.in

https://mha.gov.in/division_of_mha/cyber-and-information-security-cis-division/Details-about-Indian-Cybercrime-Coordination-Centre-I4C-Scheme

Comment on Social Media Platforms

Comment on Social Media Platforms

If we look into social media platforms the user profiles are proliferating day by day. In the same way, fake profiles are also increasing with various motives. Since, identity of users are not verified by the social media platforms before creating accounts for individuals and organisations. Thereby, there is no control over huge proliferation of fake accounts on popular platforms like Facebook, Twitter, Instagram etc. It is seen in the last few years that these fake accounts are commonly used for evil motives like propagating fake information, spreading hatred to achieve political mileage, advocating particular ideology etc. In the line of social media platforms uses off messaging apps like WhatsApp, Telegram are also increasing to spread fake news and for grooming particular community for particular purpose. 

The internet we are accessing is only the tip of the iceberg. The real information are hidden in the dark web. Most of the crimes like buying drugs, smuggling illegal weapons using bitcoin, spreading CSAM (Child Sexually Abusive Material) contents etc are committed in the dark web platforms like @Connect, FreedomBook (the dark Facebook) etc.

In this context, Government of India have taken a great initiative by launching Cyber Coordination Centre (CyCord) through Ministry of Home Affairs website as a one-stop platform for sharing all cyber related matters amongst Law Enforcement Agencies (LEAs), Government organisations and other stakeholders.